Forbes Reveals How Police Use Car Media Systems for Surveillance

According to a Forbes report, federal law enforcement agencies, along with immigration and border services, are using technology that exploits vulnerabilities in car media systems to extract data from 10,000 different vehicle models. In 2022, immigration officers and police increasingly began collecting evidence this way—sometimes obtaining more information than from a suspect’s phone. Court documents and government contract reports show that agencies tasked with monitoring the Mexican border “spent record amounts on car hacking tools,” while claiming that a huge amount of valuable evidence can be obtained from onboard computers.

Forbes states that Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) use a toolkit called iVe from automotive forensics company Berla. The iVe toolkit includes a mobile app for vehicle identification, a hardware kit for accessing media systems, and specialized software for data analysis. According to government contracts, in August, CBP spent over $380,000 on iVe. ICE, which has been purchasing Berla’s tools since 2010, spent $500,000 on iVe in September.

How iVe and Similar Tools Work

The iVe mobile app and hardware allow law enforcement to access and analyze data stored in a vehicle’s infotainment system. This can include navigation history, call logs, contact lists, and even data synced from connected smartphones.

The privacy advocacy group Surveillance Technology Oversight Project (S.T.O.P.) reported that cars also store data about passengers, which police can extract using specialized tools. S.T.O.P. estimates that in 2020, law enforcement accessed onboard computers hundreds of thousands of times. Moreover, legal loopholes allow authorities to access vehicle data, information from connected phones, and web service accounts without a warrant.

Case Example: Dodge Charger Search

Forbes mentioned a recent search of a 2019 Dodge Charger used to transport undocumented immigrants across the Mexican border into the U.S. Police were able to access the car’s infotainment system and collect a wide range of information—including the suspect’s location, user passwords, email addresses, IP addresses, and phone numbers.

Widespread Access Across Car Brands

An investigator from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) stated that modern car media systems can be used to collect large amounts of data and even remotely spy on a phone connected to the vehicle. ATF confirmed that this method of data collection is available in more than 10,000 different models from brands such as BMW, Buick, Cadillac, Chevrolet, Chrysler, Dodge, Fiat, Ford, GMC, Hummer, Jeep, Lincoln, Maserati, Mercedes, Mercury, Pontiac, Ram, Saturn, Toyota, and Volkswagen. Additionally, Tesla infotainment systems store credentials for Google and Spotify services, Wi-Fi passwords, and more.

Remote Car Hacking and Cybersecurity Risks

Previous reports have shown that it’s possible to hack a car remotely without even starting the engine. Such cyberattacks can unlock certain vehicle functions, remove software restrictions, and more, raising significant concerns about automotive cybersecurity and privacy.